Kerberos Constrained Delegation in libsmbclient
Vikram Bharti
vikrambharti33 at gmail.com
Thu Feb 25 11:58:17 UTC 2021
IMO KCD can take service user, password/keytab-file, UPN of impersonation
user, and SPN of service as inputs (probably in auth_callback)
or it can take final service ticket (TGS-REP) as input in auth_callback.
Not so sure what should be right the way but I leave it up to you decide if
these 2 are feasible or if there is a better way.
On Thu, Feb 25, 2021 at 12:00 AM Jeremy Allison <jra at samba.org> wrote:
> On Wed, Feb 24, 2021 at 05:29:37PM +0530, Vikram Bharti via
> samba-technical wrote:
> >Hi ,
> >
> >I was exploring a way to get KCD work with libsmbclient APIs and i see
> >libsmbclient supports Kerberos auth but can't find any API for
> >impersonation and delegation.
> >Pls let me know if there is a way to get it done.
>
> No, this is not currently available in the libsmbclient API's.
>
> Can you give an example of what you'd like this to look like,
> so we can assess how hard it would be to implement ?
>
More information about the samba-technical
mailing list